Senior Secret Cleared Vulnerability Management specialist (10+ years) to develop artifacts, design and implement processes in support of the implementation

Our valued client is seeking a Senior Secret Cleared Vulnerability Management specialist (10+ years) to develop artifacts, design and implement processes in support of the implementation of an enterprise vulnerability management program (EVMP)

Cyber threat activities against the GC over the past months and years have exploited unmitigated vulnerabilities .The GC Enterprise Cyber Security Strategy (Strategy) identifies an enterprise vulnerability management program (EVMP) as a key initiative in order to prevent and resist cyber attacks more effectively, leading to greater protection of GC information and assets. The EVMP will increase the efficiency and efficacy of GC vulnerability management processes and increase the standard of posture management across the enterprise. It will enable increased visibility of assets and vulnerabilities, quicker identification of risks, more coordinated risk mitigation activities, the generation of more useful and insight metrics, and better overall cybersecurity outcomes.

Must Haves:

• Knowledge of vulnerability management technologies (e.g., Rapid 7 Nexpose)
• 5+ years experience with Data manipulation: ability to use advanced features of excel and scripting capabilities
• 5+ years experience with attack surface management technologies (e.g., Microsoft EASM)

Tasks:

• Program Design and Process Establishment: Assisting in the design, troubleshooting, and establishment of vulnerability management processes and communication patterns.
• Data engineering, architecture and analysis: Collaborating with database and platform experts to gather requirements, design scalable data architectures, and implement ETL processes to manage vulnerability management data. Ensure data quality and governance, utilize advanced analytics for actionable insights, and automate data processes. Explore interoperability with other tools to enhance our overall cybersecurity risk knowledge posture
• Vulnerability Severity Analysis and Prioritization: Analyzing and determining vulnerability severity and prioritization according to risk matrices and subject matter expertise.
• Patch Exemption Evaluation and Risk Mitigation: Evaluating patching exemption requests and providing risk mitigation strategies.
• Vulnerability Trends Monitoring: Monitoring industry and intelligence vulnerability information for emerging trends.
• Root Cause Analysis and Remediation Strategies: Accessing vulnerability management tools and data to perform root cause analysis on vulnerabilities and recommending best strategies to reduce vulnerabilities across the enterprise.
• Statistics and Metrics Generation: Generating statistics and metrics related to vulnerability management.
• Security Recommendations and Control Deployment: Providing technical, procedural, and policy recommendations and assisting with the deployment of mitigating security controls (e.g., for unavailable patches).
• Stakeholder Communication and Meetings: Written and verbal communication with stakeholders about vulnerability and requirement mitigation. Participating in stakeholder meetings to understand requirement, gaps, challenges, and solutions.
• Provide subject-matter expertise related to vulnerability management, including providing senior officials with advice and guidance on initiatives of both strategic and operational importance.
• Identify, research, develop, and suggest implementation of policies and procedures related to vulnerability management and operational best practices that will strengthen the GC’s security posture and operational environment.
• Review documents on current and emerging issues related to vulnerability management and related topics such as Purple Team, DevSecOps, Configuration Management and Attack Surface Management, including briefing materials, position papers, speaking points, policy research, and presentations for consistency with departmental and other government positions